Updates role mappings

PUT /organizations/{organization_id}/role_mappings

Updates the role assignments applicable when logging via SSO. Currently unavailable in self-hosted ECE.

Path parameters

organization_id string Required

Identifier for the Organization

application/json

Body Required

The role mappings to update

mappings array[object] Required

The rules for mapping role assignments in the organization
Hide mappings attributes Show mappings attributes object
- enabled boolean Required
  
  Whether or not the role mapping is enabled
- name string Required
  
  The name of the role mapping
- rule object Required
  
  The rule to match
  Hide rule attributes Show rule attributes object
  
  any array[object]
  
  The rules that must match. Only one rule must match for the role assignment to be applied.
  
  Hide any attribute Show any attribute object
  
  group string Required
  
  The group to match. Can have wildcards.
  
  all array[object]
  
  The rules that must match. All rules must match for the role assignment to be applied.
  
  Hide all attribute Show all attribute object
  
  group string Required
  
  The group to match. Can have wildcards.
- role_assignments object Required
  
  The roles that will be assigned to users once they accept the invitation. Currently unavailable in self-hosted ECE.
  Hide role_assignments attributes Show role_assignments attributes object
  
  platform array[object]
  
  Assignments for roles with platform scope.
  
  Assignment for a role with platform scope.
  
  Hide platform attribute Show platform attribute object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization array[object]
  
  Assignments for roles with organization scope.
  
  Assignment for a role with organization scope.
  
  Hide organization attributes Show organization attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  deployment array[object]
  
  Assignments for roles with deployment scope.
  
  Assignment for a role with deployment scope.
  
  Hide deployment attributes Show deployment attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.
  
  deployment_ids array[string]
  
  The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.
  
  project object
  
  Assignments for roles with project scope.
  
  Hide project attributes Show project attributes object
  
  elasticsearch array[object]
  
  The Elasticsearch project-scoped role assignments to set
  
  Assignment for a role with project scope.
  
  Hide elasticsearch attributes Show elasticsearch attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.
  
  observability array[object]
  
  The Observability project-scoped role assignments to set
  
  Assignment for a role with project scope.
  
  Hide observability attributes Show observability attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.
  
  security array[object]
  
  The Security project-scoped role assignments to set
  
  Assignment for a role with project scope.
  
  Hide security attributes Show security attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

Responses

200 application/json

An empty response
400 application/json

Validation error. (code: org.role_mapping_rule.syntax_error)
Hide headers attribute Show headers attribute
- x-cloud-error-codes string
  
  The error codes associated with the response
  
  Value is org.role_mapping_rule.syntax_error.
Hide response attribute Show response attribute object
- errors array[object] Required
  
  A list of errors that occurred in the failing request
  
  Hide errors attributes Show errors attributes object
  
  code string Required
  
  A structured code representing the error type that occurred
  
  message string Required
  
  A human readable message describing the error that occurred
  
  fields array[string]
  
  If the error can be tied to a specific field or fields in the user request, this lists those fields
404 application/json

Organization not found. (code: organization.not_found)
Hide headers attribute Show headers attribute
- x-cloud-error-codes string
  
  The error codes associated with the response
  
  Value is organization.not_found.
Hide response attribute Show response attribute object
- errors array[object] Required
  
  A list of errors that occurred in the failing request
  
  Hide errors attributes Show errors attributes object
  
  code string Required
  
  A structured code representing the error type that occurred
  
  message string Required
  
  A human readable message describing the error that occurred
  
  fields array[string]
  
  If the error can be tied to a specific field or fields in the user request, this lists those fields

PUT /organizations/{organization_id}/role_mappings

curl \
 --request PUT 'https://api.elastic-cloud.com/api/v1/organizations/{organization_id}/role_mappings' \
 --header "Content-Type: application/json" \
 --data '{"mappings":[{"enabled":true,"name":"string","rule":{"any":[{"group":"string"}],"all":[{"group":"string"}]},"role_assignments":{"platform":[{"role_id":"string"}],"organization":[{"role_id":"string","organization_id":"string"}],"deployment":[{"role_id":"string","organization_id":"string","all":true,"deployment_ids":["string"],"application_roles":["string"]}],"project":{"elasticsearch":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"observability":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"security":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}]}}}]}'

Request examples

{
  "mappings": [
    {
      "enabled": true,
      "name": "string",
      "rule": {
        "any": [
          {
            "group": "string"
          }
        ],
        "all": [
          {
            "group": "string"
          }
        ]
      },
      "role_assignments": {
        "platform": [
          {
            "role_id": "string"
          }
        ],
        "organization": [
          {
            "role_id": "string",
            "organization_id": "string"
          }
        ],
        "deployment": [
          {
            "role_id": "string",
            "organization_id": "string",
            "all": true,
            "deployment_ids": [
              "string"
            ],
            "application_roles": [
              "string"
            ]
          }
        ],
        "project": {
          "elasticsearch": [
            {
              "role_id": "string",
              "organization_id": "string",
              "all": true,
              "project_ids": [
                "string"
              ],
              "application_roles": [
                "string"
              ]
            }
          ],
          "observability": [
            {
              "role_id": "string",
              "organization_id": "string",
              "all": true,
              "project_ids": [
                "string"
              ],
              "application_roles": [
                "string"
              ]
            }
          ],
          "security": [
            {
              "role_id": "string",
              "organization_id": "string",
              "all": true,
              "project_ids": [
                "string"
              ],
              "application_roles": [
                "string"
              ]
            }
          ]
        }
      }
    }
  ]
}

Response examples (200)

{}

Response examples (400)

# Headers
x-cloud-error-codes: org.role_mapping_rule.syntax_error

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Response examples (404)

# Headers
x-cloud-error-codes: organization.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}